Jane is compliant with both the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR). This guide outlines Jane's compliance framework and the built-in tools that help your clinic meet its ongoing UK and EU GDPR obligations.
📣 Heads up: GDPR compliance is a shared responsibility. Jane provides the platform, features, and documentation to support your clinic's compliance, but your clinic is responsible for how you collect, use, and manage patient data in your day-to-day operations.
Jane's GDPR Compliance Framework
Data Protection Officer
Jane has an in-house Data Protection Officer (DPO) who oversees our compliance program. You can reach our DPO, Jonathan Friesen, at [email protected].
System and Business Assessments
Jane has conducted comprehensive system and business assessments to ensure the platform meets UK and EU GDPR requirements. We continuously monitor for compliance as regulations evolve.
Privacy Documentation
Our Privacy Notice and Terms of Use reflect UK and EU GDPR requirements and are kept up to date.
Data Processing Agreements
Jane provides Data Processing Agreements (DPAs) that outline our roles and responsibilities as a data processor, in line with Article 28 of the GDPR.
Breach Notification
Jane has established procedures to detect, report, and investigate personal data breaches in compliance with Article 33 of the UK and EU GDPR.
Data Security and Storage
Encryption
Your data is protected at every stage:
- In transit: 128-bit encryption when data moves between your computer and Jane's servers.
- At rest: 256-bit encryption for all stored data.
Data Storage Location
For clinics based in the UK or Europe, Jane stores your data on servers located in the UK. Jane maintains servers in multiple countries to comply with a range of international data protection laws, including the GDPR.
🩵 Jane Tip: If you have questions about which server holds your clinic's data, contact our Support Team or visit our Security FAQ for more information.
Cookie Consent and Management
Jane provides UK and EU GDPR-compliant cookie consent management, including opt-in requirements, information about the types of cookies used, and instructions for managing cookie preferences. See Jane's Cookie Policy for details.
Built-In Privacy Features for Your Clinic
Jane includes tools to help you maintain GDPR compliance in your daily operations.
Access Control and Security
- Unique user authentication: All staff require a unique username and password. Jane recommends against shared profiles to protect account security and maintain privacy settings. See Helping Staff Sign In.
- Role-based access: Account Owners can assign Access Levels to restrict what data each user can view and edit.
- Charting privacy: Practitioners control who can access their charts using Charting Privacy Options.
- Password management: Staff can reset passwords directly from the main login page. See Log In Help.
- 2-Step Verification: A one-time code is sent to the staff member's chosen verification method each time they log in. See 2-Step Verification.
Consent Management
Jane provides tools for obtaining and managing patient consent in accordance with applicable regulatory college and governing body requirements, including:
- Consent to collect personal data
- Consent to treatment
- Marketing consent, with active opt-out options
See our guide on Intake Forms for details on how to configure consent in Jane.
Audit Trail and Documentation
- Data export: Export charts, intake forms, or clinical notes to fulfil data subject access requests.
- Chart integrity: Sign and lock charts with a permanent timestamp.
- Error correction: The Amend function lets you correct charting errors while preserving the original sign and lock date and time.
- Activity monitoring: The Activity Log tracks all user activity for accountability and compliance. Each user can also view their own session logs.
Data Subject Rights
Jane includes tools to help you fulfil your patients' rights under the UK and EU GDPR:
- Right of access: Export charts, intake forms, or clinical notes on request.
- Right to rectification: Use the Amend function to correct errors while maintaining audit trails.
- Right to erasure: Jane includes tools to support data deletion requests.
- Right to data portability: Export patient data in accessible formats.
Have questions about privacy or data protection at Jane? Reach out to our Support team or contact our DPO directly at [email protected].